A Secure WLAN (SWLAN) must conform to an approved network architecture.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-4636	WIR0210	SV-4636r1_rule	ECSC-1 ECWN-1	High

Description
Approved network architectures have been assessed for IA risk. Non-approved architectures provide less assurance than approved architectures because they have not undergone the same level of evaluation.

STIG	Date
L3 KOV-26 Talon (Wireless Role) Security Technical Implementation Guide (STIG)	2014-04-07

Details

Check Text ( C-16036r1_chk )
Detailed Policy Requirements: The SWLAN architecture conforms to one of the approved configurations: LAN Extension: This architecture provides wireless access to the wired infrastructure using a Harris SecNet 11/ 54 or L3 KOV-26 Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.2 in the DISA FSO Wireless Overview for an example of the LAN Extension architecture. Wireless Bridging: This architecture provides point-to-point bridging using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.3 in the DISA FSO Wireless Overview for an example of the Wireless Bridging architecture. Wireless Peer-to-Peer: This architecture provides point-to-point communications between wireless clients using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 3.2 in the DISA FSO Wireless Overview for an example of the Wireless Peer-to-Peer architecture. Check Procedures: Interview the SA or IAO to obtain SWLAN network diagrams. Review the SWLAN architecture and ensure it conforms to one of the approved use cases.

Check Text ( C-16036r1_chk )

Detailed Policy Requirements:

The SWLAN architecture conforms to one of the approved configurations:
LAN Extension: This architecture provides wireless access to the wired infrastructure using a Harris SecNet 11/ 54 or L3 KOV-26 Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.2 in the DISA FSO Wireless Overview for an example of the LAN Extension architecture.

Wireless Bridging: This architecture provides point-to-point bridging using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.3 in the DISA FSO Wireless Overview for an example of the Wireless Bridging architecture.

Wireless Peer-to-Peer: This architecture provides point-to-point communications between wireless clients using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 3.2 in the DISA FSO Wireless Overview for an example of the Wireless Peer-to-Peer architecture.

Check Procedures:

Interview the SA or IAO to obtain SWLAN network diagrams. Review the SWLAN architecture and ensure it conforms to one of the approved use cases.

Fix Text (F-34117r1_fix)
Disable or remove the non-compliant SWLAN or reconfigure it to conform to one of the approved architectures.